Syntax

Parameters

The handle of the private key to use to create the secret agreement value. This key and the hPubKey key must come from the same CNG cryptographic algorithm provider.

hPubKey [in]

The handle of the public key to use to create the secret agreement value. This key and the hPrivKey key must come from the same CNG cryptographic algorithm provider.

phSecret [out]

A pointer to a BCRYPT_SECRET_HANDLE that receives a handle that represents the secret agreement value. This handle must be released by passing it to the BCryptDestroySecret function when it is no longer needed.

dwFlags [in]

A set of flags that modify the behavior of this function. No flags are defined for this function.

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return code

Description

STATUS_SUCCESS

The function was successful.

STATUS_INVALID_HANDLE

The key handle in the hPrivKey or hPubKey parameter is not valid.

STATUS_INVALID_PARAMETER

One or more parameters are not valid.

STATUS_NOT_SUPPORTED

The key handle in the hPrivKey parameter is not a Diffie-Hellman key.

Remarks

Depending on what processor modes a provider supports, BCryptSecretAgreement can be called either from user mode or kernel mode. Kernel mode callers can execute either at PASSIVE_LEVELIRQL or DISPATCH_LEVEL IRQL. If the current IRQL level is DISPATCH_LEVEL, the handles provided in the hPrivKey and hPubKey parameters must be derived from an algorithm handle returned by a provider that was opened by using the BCRYPT_PROV_DISPATCH flag, and any pointers passed to the BCryptSecretAgreement function must refer to nonpaged (or locked) memory.

To call this function in kernel mode, use Cng.lib, which is part of the Driver Development Kit (DDK). For more information, see WDK and Developer Tools.

Windows Server 2008 and Windows Vista: To call this function in kernel mode, use Ksecdd.lib.